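/*
 *  Phishing module: domain list implementation.
 *
 *  Copyright (C) 2006 Török Edvin
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 *  MA 02110-1301, USA.
 *
 *  $Log: phish_domaincheck_db.c,v $
 *  Revision 1.5  2006/10/10 23:51:49  tkojm
 *  apply patches for the anti-phish code from Edwin
 *
 *  Revision 1.4  2006/10/07 13:55:01  tkojm
 *  fix handlers
 *
 *  Revision 1.3  2006/10/07 11:00:46  tkojm
 *  make the experimental anti-phishing code more thread safe
 *
 *  Revision 1.2  2006/09/26 18:55:36  njh
 *  Fixed portability issues
 *
 *  Revision 1.1  2006/09/13 19:40:27  njh
 *  First draft
 *
 *  Revision 1.1  2006/09/12 19:38:39  acab
 *  Phishing module merge - libclamav
 *
 *  Revision 1.3  2006/08/20 21:18:11  edwin
 *  Added the script used to generate iana_tld.sh
 *  Added checks for phish_domaincheck_db
 *  Added phishing module design document from wiki (as discussed with aCaB).
 *  Updated .wdb/.pdb format documentation (in regex_list.c)
 *  Fixed some memory leaks in regex_list.c
 *  IOW: cleanups before the deadline.
 *  I consider my module to be ready for evaluation now.
 *
 *  Revision 1.2  2006/08/09 16:26:44  edwin
 *  Forgot to add these files
 *
 */

#if HAVE_CONFIG_H
#include "clamav-config.h"
#endif

#ifdef CL_EXPERIMENTAL

#ifndef CL_DEBUG
#define NDEBUG
#endif

#ifdef CL_THREAD_SAFE
#ifndef _REENTRANT
#define _REENTRANT
#endif
#endif

#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#ifdef HAVE_STRINGS_H
#include <strings.h>
#endif
#include <ctype.h>

#include <limits.h>
#include "clamav.h"
#include <sys/types.h>

#ifdef HAVE_REGEX_H
/*#define USE_PCRE*/
#include <regex.h>
#endif

#if defined(HAVE_READDIR_R_3) || defined(HAVE_READDIR_R_2)
#include <stddef.h>
#endif

#include "others.h"
#include "defaults.h"
#include "str.h"
#include "filetypes.h"
#include "mbox.h"
#include "phish_domaincheck_db.h"
#include "regex_list.h"
#include "matcher-ac.h"

/**
 * Check a (real URL, displayed URL) pair against the engine's domain list
 * and apply the matching entry's flag mask, if it carries one.
 *
 * A matching entry may supply a 3-hex-digit "info" string. It is parsed as
 * a bit mask, and every bit set in it is cleared from *flags. A matching
 * entry can therefore switch off individual phishing checks for the URL.
 * NOTE(review): the list contents thus decide which checks are skipped;
 * the database that feeds the matcher should be treated as trusted input
 * (confirm how it is loaded and verified).
 *
 * @param engine      engine holding domainlist_matcher; NULL means no match
 * @param real_url    passed through to regex_list_match()
 * @param display_url passed through to regex_list_match()
 * @param hostOnly    passed through to regex_list_match()
 * @param flags       in/out phishing-check flags; left untouched if NULL,
 *                    if nothing matched, or if the mask is malformed
 * @return the value returned by regex_list_match(), or 0 when the engine
 *         has no domain list matcher
 */
int domainlist_match(const struct cl_engine* engine,const char* real_url,const char* display_url,int hostOnly,unsigned short* flags)
{
    /* Initialised so a matcher that reports a hit without filling in the
     * info pointer cannot make us read an indeterminate value. */
    const char* info = NULL;
    int rc;

    /* The sibling functions tolerate a NULL engine; do the same here. */
    if(!engine || !engine->domainlist_matcher)
        return 0;

    rc = regex_list_match(engine->domainlist_matcher,real_url,display_url,hostOnly,&info,0);
    if(rc && info && info[0]) {
        /* match successful, and has custom flags */
        /* <ctype.h> functions take an unsigned char value; passing a
         * negative plain char is undefined behaviour. */
        if(strlen(info)==3
           && isxdigit((unsigned char)info[0])
           && isxdigit((unsigned char)info[1])
           && isxdigit((unsigned char)info[2])) {
            /* Exactly three validated hex digits: value is at most 0xfff. */
            unsigned short notwantedflags = (unsigned short)strtoul(info, NULL, 16);
            if(flags)
                *flags &= ~notwantedflags; /* filter unwanted phishcheck flags */
        }
        else {
            /* Malformed mask: warn and leave *flags unchanged, so a bad
             * entry never disables a check. */
            cli_warnmsg("Phishcheck:Unknown flag format in domainlist, 3 hex digits expected");
        }
    }
    return rc;
}

/**
 * Allocate and initialise the engine's domain list matcher.
 *
 * @param engine engine whose domainlist_matcher is to be set
 * @return CL_ENULLARG if engine is NULL, CL_EMEM if allocation fails,
 *         otherwise the result of init_regex_list()
 */
int init_domainlist(struct cl_engine* engine)
{
    if(!engine)
        return CL_ENULLARG;

    engine->domainlist_matcher = cli_malloc(sizeof(struct regex_matcher));
    if(!engine->domainlist_matcher)
        return CL_EMEM;

    return init_regex_list(engine->domainlist_matcher);
}

/**
 * Report whether the domain list matcher is usable.
 *
 * @return the result of is_regex_ok() for the engine's matcher, or 1 when
 *         there is no engine or no matcher to check
 */
int is_domainlist_ok(const struct cl_engine* engine)
{
    if(!engine || !engine->domainlist_matcher)
        return 1;

    return is_regex_ok(engine->domainlist_matcher);
}

/**
 * Run regex_list_cleanup() on the engine's domain list matcher, if any.
 * The matcher itself is not freed here.
 */
void domainlist_cleanup(const struct cl_engine* engine)
{
    if(!engine || !engine->domainlist_matcher)
        return;

    regex_list_cleanup(engine->domainlist_matcher);
}

/**
 * Tear down and free the engine's domain list matcher, if any.
 * The pointer is reset to NULL so a repeated call is a no-op.
 */
void domainlist_done(struct cl_engine* engine)
{
    if(!engine || !engine->domainlist_matcher)
        return;

    regex_list_done(engine->domainlist_matcher);
    free(engine->domainlist_matcher);
    engine->domainlist_matcher = NULL;
}

#endif /* CL_EXPERIMENTAL */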